View
9
Download
0
Category
Preview:
Citation preview
Undecidability of Equality for Codata Types
Ulrich Berger and Anton Setzer
Swansea UniversityCMCS’18 Thessaloniki, Greece
15 April 2018
Ulrich Berger and Anton Setzer (Swansea) Undecidability of Equality for Codata Types 1/ 29
The Need for Decidable Equality
Codata Types and Coalgebras
Undecidability of Weak Forms of Equality
Conclusion
Ulrich Berger and Anton Setzer (Swansea) Undecidability of Equality for Codata Types 2/ 29
The Need for Decidable Equality
The Need for Decidable Equality
Codata Types and Coalgebras
Undecidability of Weak Forms of Equality
Conclusion
Ulrich Berger and Anton Setzer (Swansea) Undecidability of Equality for Codata Types 3/ 29
The Need for Decidable Equality
Goal Directed Theorem Prover (Here Coq)
Ulrich Berger and Anton Setzer (Swansea) Undecidability of Equality for Codata Types 4/ 29
The Need for Decidable Equality
Theorems as Functional Programs with Holes (Agda)
Ulrich Berger and Anton Setzer (Swansea) Undecidability of Equality for Codata Types 5/ 29
The Need for Decidable Equality
Need for Decidability of Equality
I Agda’s approach requires decidability of type checking.
I Type checking for dependently typed programs relies on a decidableequality:
λX .λx .x : ΠX :A→Set(X a→ X b)⇔ a and b are equal elements of A
Ulrich Berger and Anton Setzer (Swansea) Undecidability of Equality for Codata Types 6/ 29
The Need for Decidable Equality
Three Equalities in Agda
I Definitional equality - decidable equality used during typechecking.
f = g : N→ N⇔ f , g are “equivalent” programs.
I User-defined equalities.I Can be undecidable.I Can be used to prove correctness of programs.I For coalgebras the standard choice is bisimilarity defined
coinductively.
I Propositional equality.I Generic equality type based on definitional equality.I Not relevant for this talk.
Ulrich Berger and Anton Setzer (Swansea) Undecidability of Equality for Codata Types 7/ 29
Codata Types and Coalgebras
The Need for Decidable Equality
Codata Types and Coalgebras
Undecidability of Weak Forms of Equality
Conclusion
Ulrich Berger and Anton Setzer (Swansea) Undecidability of Equality for Codata Types 8/ 29
Codata Types and Coalgebras
Codata Types
I Algebraic data types introduce least fixed points:
data N : Set where0 : Nsuc : N→ N
I Codata types introduce largest fixed point:
codata Stream : Set where:: : N→ Stream→ Stream
fun2Stream : (N→ N)→ Streamfun2Stream f = f 0 :: fun2Stream (f ◦ suc)
I Infinite terms + non normalisation unless we restrict expansion:
fun2Stream f = f 0 :: fun2Stream (f ◦ suc)= f 0 :: f 1 :: fun2Stream (f ◦ suc2)= f 0 :: f 1 :: f 2 :: fun2Stream (f ◦ suc3)= · · ·Ulrich Berger and Anton Setzer (Swansea) Undecidability of Equality for Codata Types 9/ 29
Codata Types and Coalgebras
Problems of Codata Types
I This implies that if for some n
∀k < n . f k = g kf ◦ sucn = g ◦ sucn
then
fun2Stream f = f 0 :: f 1 :: · · · :: f (n − 1) :: fun2Stream (f ◦ sucn)= g 0 :: g 1 :: · · · :: g (n − 1) :: fun2Stream (g ◦ sucn)= fun2Stream g
I But this makes the equality undecidable.
Ulrich Berger and Anton Setzer (Swansea) Undecidability of Equality for Codata Types 10/ 29
Codata Types and Coalgebras
Problems of Codata Types
I Definition of functions by pattern matching:
inc : Stream→ Streaminc (n :: s) = (n + 1) :: inc s
I Assumes every s : Stream is of the form s = n :: s ′ for some t.I We will see that this results in undecidability of equality.
I Problem was fixed in Coq and early versions of Agda by applyingspecial restrictions on when to expand the defining equations forfun2Stream. Resulted in subject-reduction problem
Ulrich Berger and Anton Setzer (Swansea) Undecidability of Equality for Codata Types 11/ 29
Codata Types and Coalgebras
Coalgebras as Observations + Copattern Matching
I New approach (Abel, Pientka, Setzer, Thibodeau, POPL’13):
I Coinductive Types defined by observations:
coalg Stream : Set wherehead : Stream→ Ntail : Stream→ Stream
I Elements of Stream defined by copattern matching:
fun2Stream : (N→ N)→ Streamhead (fun2Stream f ) = f 0tail (fun2Stream f ) = fun2Stream (f ◦ suc)
I (fun2Stream f ) is in normal form, if f in normal form.I Reductions are only carried out after applying head or tail to it.
Ulrich Berger and Anton Setzer (Swansea) Undecidability of Equality for Codata Types 12/ 29
Codata Types and Coalgebras
Constructor as Defined Operation
I :: is not a constructor but defined by copattern matching:
:: : N→ Stream→ Streamhead (n :: s) = ntail (n :: s) = s
I We don’t haves = head s :: tail s
Ulrich Berger and Anton Setzer (Swansea) Undecidability of Equality for Codata Types 13/ 29
Codata Types and Coalgebras
Applications of the Copattern Approach
Examples of projects of using copattern matching for proving theorems inAgda
I With Chuang: Representation of constructive reals usingcoalgebras. (PhD thesis Chi Ming Chuang).
I With Bashar Igried: CSP-Agda.I Representation of the process algebra CSP in Agda in a coalgebraic
way.I Proof of algebraic laws using trace semantics, stable failures semantics,
failures divergences infinite traces semantics, bisimilarity, anddivergence respecting weak bisimilarity.
I With Peter Hancock IO monad as coalgebra.
I With Andreas Abel and Stephan Adelsberger: Representations ofobjects and GUIs as coalgebras. (Abel, Adelsberger, Setzer, JFunctional Programming 2017)
Ulrich Berger and Anton Setzer (Swansea) Undecidability of Equality for Codata Types 14/ 29
Undecidability of Weak Forms of Equality
The Need for Decidable Equality
Codata Types and Coalgebras
Undecidability of Weak Forms of Equality
Conclusion
Ulrich Berger and Anton Setzer (Swansea) Undecidability of Equality for Codata Types 15/ 29
Undecidability of Weak Forms of Equality
Encoding of Streams
Definition
(a) An encoding of streams (Stream, head, tail,==) is given by:
1. A subset Stream ⊆ N.2. An equivalence relation == ⊆ Stream× Stream written infix.3. Functions head : Stream→ N, tail : Stream→ Stream that are
congruences.
(b) An encoding of streams is injective if 〈head, tail〉 is injective i.e.
∀s, s ′ : Stream .head(s) = head(s ′) ∧ tail(s) == tail(s ′)→ s == s ′
(c) An encoding of streams is universal if it allows to define functions byprimitive corecursion.
(c) An encoding of streams is coiteratively universal if it allows to definefunctions by primitive coiteration.
Ulrich Berger and Anton Setzer (Swansea) Undecidability of Equality for Codata Types 16/ 29
Undecidability of Weak Forms of Equality
Equalities Extending ==
Definition
Assume an encoding of streams.
s ==<ω t ⇔ ∃n.(∀i < n.(s)i = (t)i ) ∧ tailn(s) == tailn(t)
s ∼ t ⇔ ∀i ∈ N . (s)i = (t)i
Ulrich Berger and Anton Setzer (Swansea) Undecidability of Equality for Codata Types 17/ 29
Undecidability of Weak Forms of Equality
Injectivity does not imply Bisimilarity
Lemma
(a) ==<ω is the least injective equivalence relation containing == andrespecting head, tail.
(b) == ⊆ ==<ω ⊆ ∼.(c) For the standard model of streams in Agda we have that
== 6= ==<ω 6= ∼.
Ulrich Berger and Anton Setzer (Swansea) Undecidability of Equality for Codata Types 18/ 29
Undecidability of Weak Forms of Equality
Decidable Streams Not Determined by head, tail
Theorem
(a) Every injective universal encoding of streams has an undecidableequality.
(b) The same applies to injective coiteratively universal encodings.
Ulrich Berger and Anton Setzer (Swansea) Undecidability of Equality for Codata Types 19/ 29
Undecidability of Weak Forms of Equality
Decidable Streams Not Always of Form cons(n, s)
Corollary
(a) Assume a universal or coiteratively universal encoding of streamstogether with a cons function respecting equalities. If
∀s : Stream . s == cons(head(s), tail(s))
then == is undecidable.
(b) Assume cons as in (a). Assume
∀s : Stream, n : N . head(cons(n, s)) = n ∧ tail(cons(n, s)) == s∀s : Stream .∃n, s ′ . s == cons(n, s ′)
Then == is undecidable.
(c) ==<ω and ∼ are both undecidable.
Ulrich Berger and Anton Setzer (Swansea) Undecidability of Equality for Codata Types 20/ 29
Undecidability of Weak Forms of Equality
Proof of Main Theorem
I A proof of undecidability of ∼ is easy since extensional equality onN→ N is undecidable by undecidability of Turing halting problem.
I We cannot use this fact, since in general ==<ω 6=∼.
I Instead we use the following theorem from computability theory,where {e} is the partial function defined by the eth Turing Machine:
Theorem
(Rosser, Kleene, Novikov, Trakhtenbrot)Let A := {e | {e} ' 0} and B := {e | {e} ' 1}.Then A and B are recursively inseparable:There is no (total) computable function f : N→ {0, 1} such that∀e ∈ A . f (e) = 0 and ∀e ∈ B . f (e) = 1
Ulrich Berger and Anton Setzer (Swansea) Undecidability of Equality for Codata Types 21/ 29
Undecidability of Weak Forms of Equality
Proof of Main Theorem
I Assume a universal injective encoding of streams.
I We define f : N→ Stream mapping Turing Machines with code e tostreams as follows.If we had codata types the definition would be:
I If e terminates after k steps with result r
f (e) = 0 :: 0 :: · · · :: 0︸ ︷︷ ︸k
:: r :: r :: r :: · · ·
I If e never terminates then
f (e) = 0 :: 0 :: · · ·
Ulrich Berger and Anton Setzer (Swansea) Undecidability of Equality for Codata Types 22/ 29
Undecidability of Weak Forms of Equality
Proof of Main Theorem
I f (e) = g(e, 0) where
head(g(e, n)) = 0
tail(g(e, n)) =
g(e, n + 1) if e has not terminated
after k stepsconst(r) if e has terminated
after k steps with result r
where const(r) is a fixed constant stream returning always r .
I g defined by primitive corecursion.It can be defined with some extra effort by primitive coiteration.
I It is crucial that after having terminated we give back the samestream const(r), not only a stream bisimilar to const(r).
Ulrich Berger and Anton Setzer (Swansea) Undecidability of Equality for Codata Types 23/ 29
Undecidability of Weak Forms of Equality
Proof of Main Theorem
I Assume that the encoding of streams is injective.
I If {e} ' 0, then f (e) == const(0).
I If {e} ' 1 then ¬(f (e) == const(0)).
I So if == were decidable, the function
λe.f (e) == const(0)
would separate {e | {e} ' 0} from {e | {e} ' 1},a contradiction.
Ulrich Berger and Anton Setzer (Swansea) Undecidability of Equality for Codata Types 24/ 29
Conclusion
The Need for Decidable Equality
Codata Types and Coalgebras
Undecidability of Weak Forms of Equality
Conclusion
Ulrich Berger and Anton Setzer (Swansea) Undecidability of Equality for Codata Types 25/ 29
Conclusion
Conclusion
I Decidable type checking requires decidable definitional equality.I With decidable equality we cannot assume for weakly final
coalgebras thatI streams are determined by head and tailI or that every stream is of the form cons(n,s).
I Proof using advanced result from computability theorem, not justundecidability of halting problem for Turing Machines.
I Codata approach implicitly assumes that every stream is of theform cons(n, s), resulting in an undecidable equality.
Ulrich Berger and Anton Setzer (Swansea) Undecidability of Equality for Codata Types 26/ 29
Conclusion
Conclusion
I Problem of codata types can be fixed by defining coinductive types byobservations and copattern matching.
I However streams are not always of the form cons(n, s).
I Defining coalgebras by observations and copattern matching has beenused in Agda successfully for large scale implementation andverification of processes, IO programs, objects and GUIs.
I In Agda there exist a musical approach to codata types, which canbe considered as syntactic sugar for coalgebras while behaving asclose as possible to codata types.
I Currently not much used.I See discussion in CMCS’18 paper.
Ulrich Berger and Anton Setzer (Swansea) Undecidability of Equality for Codata Types 27/ 29
Conclusion
One Referee: Is the paper nothing but another nail in thecoffin of the co-data approach?
Ulrich Berger and Anton Setzer (Swansea) Undecidability of Equality for Codata Types 28/ 29
Conclusion
Coalgebras to the Rescue
Ulrich Berger and Anton Setzer (Swansea) Undecidability of Equality for Codata Types 29/ 29
Recommended